Gartner Blog Network

Gartner Dubai Symposium: An Interactive Conversation on Security and Risk Management

by French Caldwell  |  April 8, 2014  |  4 Comments


A couple of months ago, the conference chair for Gartner’s Dubai Symposium, Mary Mesaglio, presented me a challenge.  She said, “French, we need more local content and more security content.  What’s possible?”

Having made some trips to the Gulf region in the last year, I’d met some really interesting people and heard some great stories.  I told Mary that perhaps we could do a panel.  I shared this idea with some other Gartner associates who have experience in the Middle East and some who work there, and there was real skepticism as to whether we could find panelists willing to share their stories and best practices on security.  Some colleagues told me that the culture just wouldn’t support that kind of open sharing around topics as sensitive as security and risk management.  When I told them that I was going to get the audience to participate in the discussion as well, I met with even more skepticism.

With the assistance of our Gulf region account executives, I reached out to two security and risk management leaders in the region whom I had met on earlier trips, José Rossi at RasGas in Qatar, and Amair Saleem at Dubai Road and Transport Authority.  RasGas had been the target of a highly publicized cyber attack in 2012, and I knew that would grab the attention of attendees, and RTA operates one of the most technologically advanced driverless Metro systems in the world — which represents a breadth of risk management challenges.  Their two organizations also demonstrate the convergence of operational technology (OT) and IT security and risk management.

José and Amair agreed to join the panel, and my colleague Kristian Steenstrup who leads our OT research community at Gartner also joined.  Not only did this panel work out extremely well, the audience itself joined the panel — it was an hour long lively discussion among the attendees and panelists of security and risk management challenges and sharing of practices for dealing with those.  The idea that security and risk management leaders, and CIOs — there were a number of them joining in as well — will not openly share with each other their challenges and solutions is a myth in the Gulf as it is in all the other regions where I have tried this interactive format.  Clearly the panelists and the audience participants saw value in sharing and connecting with each other.

Here are key takeaways from the audience and panelists:

1 — Security awareness: Inducements are very important, such as including metrics in performance appraisals, rewards for tip of the week, and even providing security for personal IT in the home

2 — Risk Management: Should start from business objectives, can’t be a stand-alone function, and risk ownership must be unambiguous

3 — Cloud risk management: Data classification is essential in deciding what can go on the cloud and the type of cloud allowed

This panel and audience were the most dynamic and engaging that I have seen in a long time, and I am grateful to Amair, José, Kristian and the audience participants for contributing, to Mary for insisting that we do this, and to our events program manager Rutuja Vadhavkar for making the arrangements to add this session.


Join us for the first ever Gartner Security and Risk Management Summit in Dubai, 15-16 September 2014.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research

Category: cloud  cybersecurity  risk-management  

French Caldwell
VP and Gartner Fellow
15 years at Gartner
19 years IT industry

French Caldwell is a vice president and Gartner Fellow in Gartner Research, where he leads governance, risk and compliance research. Mr. Caldwell also writes and presents on knowledge management. His research includes analysis of the impact… Read Full Bio

Thoughts on Gartner Dubai Symposium: An Interactive Conversation on Security and Risk Management

  1. alexa ellen says:

    I saw this really good post today. I am very impressed. I always seek for such information and I rarely find some with all this precision. Thanks you alot. Regarding the 1st part, this is amazing I didn’t know that this is the real fact about it. Well again, good post.

    Web development services Dubai

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.